Posted by Bink on October 15, 2009, 1:05 PM
When you think about a virtual switch, do you envision a black or dark-blue box that consumes 1U or 2U at the top of server racks? That ever-present device from Cisco, 3Com or Juniper creates the networking fabric within which your IT infrastructure communicates. Built into its network hardware is a mature Internetwork Operating System that enables the complex routing, switching and access control that users have come to expect from production networks.
Yet any vision of a virtual switch that exactly mirrors a physical one is only fantasy with today's technology. The virtual switches within virtualization platforms such as Microsoft's Hyper-V might resemble their real-world counterparts, but virtual switches today provide only a subset of the capabilities of physical switches.
That lack of functionality can be a problem for organizations that make assumptions about virtual network security. Simply put, virtual networks are not physical networks, and they need special attention to be secured properly. First and foremost, Hyper-V's virtual switches are "Learning Layer 2" devices, which means they forward frames based on Media Access Control (MAC) addresses alone. It also means that Hyper-V's switches don't understand and can't process the more advanced IP-based routing and access-control features commonly found in today's Layer 3 switches. In essence, an access control list (ACL) can't be applied to an internal Hyper-V virtual switch using current technology.
Hyper-V's virtual switches are also limited because they lack support for third-party monitoring and enforcement of virtual network traffic. Once traffic leaves a physical network and enters Hyper-V's internal virtual realm, it disappears from any external intrusion prevention or detection systems.
Thus, a Hyper-V networking environment requires a few workarounds to duplicate the high levels of security found in some physical networks.
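To make the two limitations above concrete, here is an added toy model (not code from the post or from Microsoft) of a learning Layer 2 switch. The port names, MAC addresses and the three-frame exchange are constructed; the model shows that forwarding never consults IP headers, that VM-to-VM traffic reaches the physical NIC (and any IDS behind it) only while the destination MAC is still unknown, and includes a small audit that flags VMs from different trust zones sharing one virtual switch, which is where a host firewall or a separate switch has to stand in for the missing ACL.

```python
# Added illustration, not code from the post: a toy "learning Layer 2" switch.
# It forwards on MAC addresses only, so an IP-based ACL has nowhere to attach,
# and VM-to-VM frames reach the physical NIC (and any IDS behind it) only when
# flooded out an uplink port, which Internal and Private switches do not have.
from itertools import combinations

UPLINK = "uplink"  # port to the physical NIC; only External switches have one

class LearningL2Switch:
    def __init__(self, vm_ports, external=False):
        self.ports = set(vm_ports) | ({UPLINK} if external else set())
        self.mac_table = {}       # learned source MAC -> ingress port
        self.uplink_frames = []   # frames that went to the physical NIC

    def forward(self, in_port, src_mac, dst_mac, ip_info):
        """Learn src MAC, then unicast to the known port or flood the rest;
        ip_info (src IP, dst IP, dst port) is carried but never inspected."""
        self.mac_table[src_mac] = in_port
        known = self.mac_table.get(dst_mac)
        egress = {known} if known is not None else self.ports - {in_port}
        if UPLINK in egress:
            self.uplink_frames.append((src_mac, dst_mac, ip_info))
        return egress

def uplink_visible(external, frames):
    """Replay a VM-to-VM exchange on ports p1/p2 and return how many frames
    ever reached the uplink, i.e. could be seen by an external IDS/IPS."""
    sw = LearningL2Switch(["p1", "p2"], external=external)
    for frame in frames:
        sw.forward(*frame)
    return len(sw.uplink_frames)

def audit_zone_mixing(placement):
    """placement: {vm: (switch, zone)}. Return VM pairs sharing a switch
    across zones; with no ACL on the switch, only guest firewalls separate them."""
    findings = []
    for a, b in combinations(sorted(placement), 2):
        (sw_a, zone_a), (sw_b, zone_b) = placement[a], placement[b]
        if sw_a == sw_b and zone_a != zone_b:
            findings.append((a, b, sw_a))
    return findings

# Constructed sample: a three-frame SMB exchange between two VMs on one host.
FRAMES = [("p1", "AA:01", "BB:02", ("10.0.0.1", "10.0.0.2", 445)),
          ("p2", "BB:02", "AA:01", ("10.0.0.2", "10.0.0.1", 445)),
          ("p1", "AA:01", "BB:02", ("10.0.0.1", "10.0.0.2", 445))]

if __name__ == "__main__":
    print("internal:", uplink_visible(False, FRAMES), "external:", uplink_visible(True, FRAMES))
    print(audit_zone_mixing({"web01": ("vSw1", "dmz"), "db01": ("vSw1", "lan")}))
```

On the internal switch no frame ever reaches the NIC; on the external switch only the first, flooded frame does, and the rest of the exchange stays inside the host.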